515
Related commands
display ipsec
ipv6-policy
display ipsec
policy
transform-set
Use
transform-set
to specify an IPsec transform set for an IPsec policy, IPsec policy template, or
IPsec profile.
Use
undo transform-set
to remove the IPsec transform set specified for an IPsec policy, IPsec
policy template, or IPsec profile.
Syntax
transform-set transform-set-name
&<1-6>
undo
transform-set
[
transform-set-name
]
Default
No IPsec transform set is specified for an IPsec policy, IPsec policy template, or IPsec profile.
Views
IPsec policy view
IPsec policy template view
IPsec profile view
Predefined user roles
network-admin
Parameters
transform-set-name
&<1-6>: Specifies a space-separated list of up to six IPsec transform sets by
their names, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You can specify only one IPsec transform set for a manual IPsec policy. If you execute this command
multiple times, the most recent configuration takes effect.
You can specify a maximum of six IPsec transform sets for an IKE-based IPsec policy. During an IKE
negotiation, IKE searches for a fully matched IPsec transform set at the two ends of the IPsec tunnel.
If no match is found, no SA can be set up, and the packets expecting to be protected will be dropped.
If you do not specify the
transform-set-name
argument, the
undo transform-set
command removes
all IPsec transform sets specified for the IPsec policy, IPsec policy template, or IPsec profile.
Examples
# Specify the IPsec transform set
prop1
for the IPsec policy
policy1
.
<Sysname> system-view
[Sysname] ipsec transform-set prop1
[Sysname-ipsec-transform-set-prop1] quit
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] transform-set prop1
Related commands
ipsec
{
ipv6-policy
|
policy
}
ipsec profile
ipsec transform-set